static int query_command(const char *data, char *digest, const EVP_MD *md,
const char *policy, int no_nonce,
int cert, const char *in, const char *out, int text)
{
int ret = 0;
TS_REQ *query = NULL;
BIO *in_bio = NULL;
BIO *data_bio = NULL;
BIO *out_bio = NULL;
/* Build query object either from file or from scratch. */
if (in != NULL)
{
if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
query = d2i_TS_REQ_bio(in_bio, NULL);
}
else
{
/* Open the file if no explicit digest bytes were specified. */
if (!digest
&& !(data_bio = BIO_open_with_default(data, "rb", stdin)))
goto end;
/* Creating the query object. */
query = create_query(data_bio, digest, md,
policy, no_nonce, cert);
/* Saving the random number generator state. */
}
if (query == NULL) goto end;
/* Write query either in ASN.1 or in text format. */
if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
goto end;
if (text)
{
/* Text output. */
if (!TS_REQ_print_bio(out_bio, query))
goto end;
}
else
{
/* ASN.1 output. */
if (!i2d_TS_REQ_bio(out_bio, query))
goto end;
}
ret = 1;
end:
ERR_print_errors(bio_err);
/* Clean up. */
BIO_free_all(in_bio);
BIO_free_all(data_bio);
BIO_free_all(out_bio);
TS_REQ_free(query);
return ret;
}
static LUA_FUNCTION(openssl_ts_req_read)
{
BIO *in = load_bio_object(L, 1);
TS_REQ *ts_req = d2i_TS_REQ_bio(in, NULL);
BIO_free(in);
if (ts_req)
{
PUSH_OBJECT(ts_req, "openssl.ts_req");
return 1;
}
return 0;
}
/*
* Query-related method definitions.
*/
static int query_command(const char *data, char *digest, const EVP_MD *md,
const char *policy, int no_nonce,
int cert, const char *in, const char *out, int text)
{
int ret = 0;
TS_REQ *query = NULL;
BIO *in_bio = NULL;
BIO *data_bio = NULL;
BIO *out_bio = NULL;
/* Build query object. */
if (in != NULL) {
if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL)
goto end;
query = d2i_TS_REQ_bio(in_bio, NULL);
} else {
if (digest == NULL
&& (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL)
goto end;
query = create_query(data_bio, digest, md, policy, no_nonce, cert);
}
if (query == NULL)
goto end;
if (text) {
if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
goto end;
if (!TS_REQ_print_bio(out_bio, query))
goto end;
} else {
if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
goto end;
if (!i2d_TS_REQ_bio(out_bio, query))
goto end;
}
ret = 1;
end:
ERR_print_errors(bio_err);
BIO_free_all(in_bio);
BIO_free_all(data_bio);
BIO_free_all(out_bio);
TS_REQ_free(query);
return ret;
}
static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
char *queryfile,
char *CApath, char *CAfile,
char *untrusted,
X509_VERIFY_PARAM *vpm)
{
TS_VERIFY_CTX *ctx = NULL;
BIO *input = NULL;
TS_REQ *request = NULL;
int ret = 0;
int f = 0;
if (data != NULL || digest != NULL) {
if ((ctx = TS_VERIFY_CTX_new()) == NULL)
goto err;
f = TS_VFY_VERSION | TS_VFY_SIGNER;
if (data != NULL) {
f |= TS_VFY_DATA;
if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL)
goto err;
} else if (digest != NULL) {
long imprint_len;
unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
f |= TS_VFY_IMPRINT;
if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
BIO_printf(bio_err, "invalid digest string\n");
goto err;
}
}
} else if (queryfile != NULL) {
if ((input = BIO_new_file(queryfile, "rb")) == NULL)
goto err;
if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
goto err;
if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
goto err;
} else
return NULL;
/* Add the signature verification flag and arguments. */
TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
/* Initialising the X509_STORE object. */
if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
== NULL)
goto err;
/* Loading untrusted certificates. */
if (untrusted
&& TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
goto err;
ret = 1;
err:
if (!ret) {
TS_VERIFY_CTX_free(ctx);
ctx = NULL;
}
BIO_free_all(input);
TS_REQ_free(request);
return ctx;
}
static TS_VERIFY_CTX *
create_verify_ctx(char *data, char *digest, char *queryfile, char *ca_path,
char *ca_file, char *untrusted)
{
TS_VERIFY_CTX *ctx = NULL;
BIO *input = NULL;
TS_REQ *request = NULL;
int ret = 0;
if (data != NULL || digest != NULL) {
if (!(ctx = TS_VERIFY_CTX_new()))
goto err;
ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
if (data != NULL) {
ctx->flags |= TS_VFY_DATA;
if (!(ctx->data = BIO_new_file(data, "rb")))
goto err;
} else if (digest != NULL) {
long imprint_len;
ctx->flags |= TS_VFY_IMPRINT;
if (!(ctx->imprint = string_to_hex(digest,
&imprint_len))) {
BIO_printf(bio_err, "invalid digest string\n");
goto err;
}
ctx->imprint_len = imprint_len;
}
} else if (queryfile != NULL) {
/*
* The request has just to be read, decoded and converted to
* a verify context object.
*/
if (!(input = BIO_new_file(queryfile, "rb")))
goto err;
if (!(request = d2i_TS_REQ_bio(input, NULL)))
goto err;
if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)))
goto err;
} else
return NULL;
/* Add the signature verification flag and arguments. */
ctx->flags |= TS_VFY_SIGNATURE;
/* Initialising the X509_STORE object. */
if (!(ctx->store = create_cert_store(ca_path, ca_file)))
goto err;
/* Loading untrusted certificates. */
if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
goto err;
ret = 1;
err:
if (!ret) {
TS_VERIFY_CTX_free(ctx);
ctx = NULL;
}
BIO_free_all(input);
TS_REQ_free(request);
return ctx;
}